Securing Android app markets via modeling and predicting malware spread between markets

The Android ecosystem has recently dominated mobile devices. Android app markets, including official Google Play and other third party markets, are becoming hotbeds, where malware originates and spreads. Android malware has been observed to both propagate within markets and spread between markets. I...

Full description

Saved in:
Bibliographic Details
Main Authors: Meng, Guozhu, Patrick, Matthew, Xue, Yinxing, Liu, Yang, Zhang, Jie
Other Authors: School of Computer Science and Engineering
Format: Article
Language:English
Published: 2021
Subjects:
Online Access:https://hdl.handle.net/10356/150817
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
id sg-ntu-dr.10356-150817
record_format dspace
spelling sg-ntu-dr.10356-1508172021-08-01T13:11:37Z Securing Android app markets via modeling and predicting malware spread between markets Meng, Guozhu Patrick, Matthew Xue, Yinxing Liu, Yang Zhang, Jie School of Computer Science and Engineering Engineering::Computer science and engineering Malware Spread Prediction Epidemic Model The Android ecosystem has recently dominated mobile devices. Android app markets, including official Google Play and other third party markets, are becoming hotbeds, where malware originates and spreads. Android malware has been observed to both propagate within markets and spread between markets. If the spread of Android malware between markets can be predicted, market administrators can take appropriate measures to prevent the outbreak of malware and minimize the damages caused by malware. In this paper, we make the first attempt to protect the Android ecosystem by modeling and predicting the spread of Android malware between markets. To this end, we study the social behaviors that affect the spread of malware, model these spread behaviors with multiple epidemic models, and predict the infection time and order among markets for well-known malware families. To achieve an accurate prediction of malware spread, we model spread behaviors in the following fashion: 1) for a single market, we model the within-market malware growth by considering both the creation and removal of malware; 2) for multiple markets, we determine market relevance by calculating the mutual information among them; and 3) based on the previous two steps, we simulate a susceptible infected model stochastically for spread among markets. The model inference is performed using a publicly available well-labeled dataset AndRadar. To conduct extensive experiments to evaluate our approach, we collected a large number (334,782) of malware samples from 25 Android markets around the world. The experimental results show our approach can depict and simulate the growth of Android malware on a large scale, and predict the infection time and order among markets with 0.89 and 0.66 precision, respectively. This work was supported in part by the International Cooperation Program on Cyber Security, administered by SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China, under Grant SNHTBH-2017110681. The work of Y. Xue was supported by the CAS (Chinese Academy of Sciences) Pioneer Hundred Talents Program of China. 2021-08-01T13:11:36Z 2021-08-01T13:11:36Z 2019 Journal Article Meng, G., Patrick, M., Xue, Y., Liu, Y. & Zhang, J. (2019). Securing Android app markets via modeling and predicting malware spread between markets. IEEE Transactions On Information Forensics and Security, 14(7), 1944-1959. https://dx.doi.org/10.1109/TIFS.2018.2889924 1556-6013 0000-0001-6388-2571 0000-0002-2979-7151 0000-0001-7300-9215 https://hdl.handle.net/10356/150817 10.1109/TIFS.2018.2889924 2-s2.0-85059260530 7 14 1944 1959 en IEEE Transactions on Information Forensics and Security © 2018 IEEE. All rights reserved.
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Engineering::Computer science and engineering
Malware Spread Prediction
Epidemic Model
spellingShingle Engineering::Computer science and engineering
Malware Spread Prediction
Epidemic Model
Meng, Guozhu
Patrick, Matthew
Xue, Yinxing
Liu, Yang
Zhang, Jie
Securing Android app markets via modeling and predicting malware spread between markets
description The Android ecosystem has recently dominated mobile devices. Android app markets, including official Google Play and other third party markets, are becoming hotbeds, where malware originates and spreads. Android malware has been observed to both propagate within markets and spread between markets. If the spread of Android malware between markets can be predicted, market administrators can take appropriate measures to prevent the outbreak of malware and minimize the damages caused by malware. In this paper, we make the first attempt to protect the Android ecosystem by modeling and predicting the spread of Android malware between markets. To this end, we study the social behaviors that affect the spread of malware, model these spread behaviors with multiple epidemic models, and predict the infection time and order among markets for well-known malware families. To achieve an accurate prediction of malware spread, we model spread behaviors in the following fashion: 1) for a single market, we model the within-market malware growth by considering both the creation and removal of malware; 2) for multiple markets, we determine market relevance by calculating the mutual information among them; and 3) based on the previous two steps, we simulate a susceptible infected model stochastically for spread among markets. The model inference is performed using a publicly available well-labeled dataset AndRadar. To conduct extensive experiments to evaluate our approach, we collected a large number (334,782) of malware samples from 25 Android markets around the world. The experimental results show our approach can depict and simulate the growth of Android malware on a large scale, and predict the infection time and order among markets with 0.89 and 0.66 precision, respectively.
author2 School of Computer Science and Engineering
author_facet School of Computer Science and Engineering
Meng, Guozhu
Patrick, Matthew
Xue, Yinxing
Liu, Yang
Zhang, Jie
format Article
author Meng, Guozhu
Patrick, Matthew
Xue, Yinxing
Liu, Yang
Zhang, Jie
author_sort Meng, Guozhu
title Securing Android app markets via modeling and predicting malware spread between markets
title_short Securing Android app markets via modeling and predicting malware spread between markets
title_full Securing Android app markets via modeling and predicting malware spread between markets
title_fullStr Securing Android app markets via modeling and predicting malware spread between markets
title_full_unstemmed Securing Android app markets via modeling and predicting malware spread between markets
title_sort securing android app markets via modeling and predicting malware spread between markets
publishDate 2021
url https://hdl.handle.net/10356/150817
_version_ 1707050423875010560